1. Principle and Rationale
Personal Data Protection Act B.E. 2562 was created to make Personal Data protection effective and to have efficient measures to remedy the Personal Data subject from infringement of the rights in Personal Data. The enactment of this Act is in accordance with the provision in Article 26 of the Constitution of the Kingdom of Thailand.
DTK AD Co.,Ltd. (“Company”), the Company adheres to conducting business with ethics, paying respect and complying with applicable laws. The Company is aware of data privacy related to Personal Data and is committed to protecting the privacy of personal information. Thus, the policy is declared to be the basis for Personal Data protection. The Company acknowledges of the need in safety in conducting transactions and the storage of Personal Data. Therefore, the Company pays attention to paying respect to the privacy rights of individuals and Personal Data security. The Company has set out the policies, regulations and criteria for operation with strict measures for Personal Data security to ensure that the Personal Data received by the Company will be used according to individual needs and will be legally utilized.
This Privacy Policy describes how the Company collect, use, disclose, share, store, and transfer information about the data subject when the data subject use the Company’s services (collectively, “Services”). The Company acts as a Data Controller for any information collected through the Services.
2. Personal Data
Personal Data (“Personal Data”) is the data that makes us be able to specify the identity of each person, directly or indirectly, which are:
3. Personal Data collected by the Company
The Personal Data that the Company has gathered, used and/or disclosed, such as:
4. Purpose and details of the gathering, usage and/or disclosure of Personal Data
The Company will gather the Personal Data for the benefit of business operation according to the purposes, as well as to comply with any law that the Company or the individual must follow and for any purposes as specified in this policy as follows:
4.1 To make the Company be able to operate the business according to the purposes, such as:
4.2 To perform its duties according to the relevant law or legal obligations, such as:
4.3 To conduct necessary operation under the legitimate interest without exceeding the limits that an individual can reasonably expect (Legitimate Interest), such as:
4.4 If the data subject does not provide the Company with his Personal Data which is necessary for complying with laws or performing the contract between him and the Company, he may not be allowed to use part of the Company service.
4.5 The Company may disclose the Personal Data to other people under the consent of the person, according to the Consent Form or under the legal basis allowed by law.
5. The legal basis of the Personal Data processing
Personal Data that the Company has processed and categorized by the legal basis is as follows:
If there is a (lawful) change in the purpose of Personal Data use, the Company will notify the individual within 30 days.
6. Processing of Personal Data by third parties
The Company may need to submit or transfer the Personal Data to third parties for processing, such as service providers, technical support, customer management, IT service providers, or advertising service providers, etc. The Company will ensure the submission or transfer of Personal Data in accordance with the law and will take action to have Personal Data protection measures that we deem necessary and appropriate to comply with confidentiality standards, such as fragmentation before submission of Personal Data. Alternately, the Company may choose to implement a Personal Data protection policy that has been reviewed and approved by the relevant legal authority and will proceed to submit or transfer Personal Data to third parties for processing according to the aforementioned Personal Data protection policy instead of the operation according to the law.
7. Submitting or transferring the Personal Data abroad
The Company may need to submit or transfer Personal Data to companies in the Company’s network located abroad or to other recipients as part of the Company’s normal business operations, such as submitting or transferring Personal Data to store on the server / cloud in various countries. In the event that the destination country does not have sufficient standards, the Company will take care of the submission or transfer of Personal Data to be in accordance with the law and will take Personal Data protection measures that are deemed necessary and appropriate in accordance with confidentiality standards, such as entering into confidentiality agreements with recipients in such countries, or if the recipient is a company in the Company’s network located abroad, the Company may choose to implement a Personal Data protection policy that has been examined and approved by the authority according to the relevant laws. And the Company will proceed to submit or transfer Personal Data to the company in the Company’s network abroad to be in accordance with the aforementioned Personal Data protection policy instead of complying with the law provision.
8. Duration of Personal Data record
The Company will keep Personal Data for a period required for conducting the business according to the purpose, throughout the period required for achieving the objectives related to this policy, or until the data subject requests the Company to erase or destroy his Personal Data. The data may need to be kept further if any laws requiring or allowing to do so, for example, keeping in accordance with the Anti-Money Laundering Law, keeping for the purpose of verifying and examining a possible dispute within the legal term of the law, for not more than 10 years. In this regard, the Company will delete or destroy Personal Data or make it to be anonymous data when it is not necessary or when the Company received a requirement from the data subject, or such term has ended.
9. Personal Data protection and risk and impact assessment
The Company will duly keep the Personal Data according to the Technical Measure, Management Measure and Organizational Measure to secure Personal Data processing and to prevent Personal Data violation. The Company has established relevant regulations and criteria for the protection of Personal Data and have assessed the risks and impacts of Personal Data protection, such as information technology system security standards, measures to prevent recipients who have received the data from the Company from using or disclosing information outside of their purpose or without authorization or unlawful authorization.
The Company has revised regulations, criteria and risk and impact assessment for such Personal Data protection regularly, as necessary and as appropriate, assessment of risks and impacts of Personal Data protection, including loss of reliability, trust and reliability of the customer, disadvantage in competition in the market and business, being taken legal action.
10. Right of an individual about Personal Data
Right of an individual about Personal Data is the right according to the law that people should be aware of. An individual can request to exercise the rights under the existing laws or the policy or further amendment thereto in the future, as well as the criteria as specified by the Company. In the case where a person is a minor or the ability to conduct juristic acts is limited according to the law, the individual can request to exercise the rights by getting the parent, guardian or authorized person to submit the request, with the following rights:
10.1 Right to be informed
If an individual wishes to give consent to the Company for the collection, use and/or disclosure of Personal Data, they have the right to know in detail about the purposes for which Personal Data is collected, used and/or disclosed. The data subject may or may not provide information, or in the case where the law is required to provide information.
10.2 Right to withdraw consent
If an individual has given consent for the Company to collect, use and/or disclose Personal Data (whether consent has been given by the person before the date on which Personal Data protection law comes into force or thereafter), the individual has the right to withdraw consent at any time throughout the period that Personal Data is with the Company, unless there is a restriction to the rights according to the law or there is a contract that will benefit the individual.
In this regard, the withdrawal of the consent of the individual may affect the such individual from the performance according to the contract. For the benefit of the individual, it is important to study and inquire about the effects before withdrawing consent.
10.3 Right to request to access information
An individual has the right to request to access to the Personal Data of such individual which is in the Company’s responsibility and ask the Company to make a copy of the data for such individual, including asking the Company to disclose how the Company got that Personal Data.
10.4 Right to request for data portability
An individual has the right to apply for Personal Data in case the Company has made the Personal Data in a form that is readable and usable by automatic tools or devices and usable or revealable Personal Data by automated method. An individual also have the right to request the Company to submit or transfer Personal Data in such format to other Personal Data controllers when it can be done by automated method and have the right to request Personal Data that the Company submitted or transferred Personal Data in such format to other Personal Data supervisor directly, unless it cannot be performed due to technical reasons.
However, the above Personal Data must be Personal Data that the Company has obtained consent to gather, use and/or disclose, or is the Personal Data that the Company is required to gather, use and/or disclose in order to perform the obligations according to the contract as wishes, or other Personal Data as specified by the legal authority.
10.5 Right to object to the gathering, use and disclosure of Personal Data
An individual has the right to object to the gathering, use and/or disclosure of Personal Data at any time. In case of the gathering, use and/or disclosure of Personal Data that is made for the operations necessary within the legitimate interest of the Company or as required by law, without exceeding the limit that an individual can reasonably anticipate, or to carry out their mission for the public benefit, if individuals submit an objection, the Company will continue to gather, use and/or disclose their Personal Data, only those the Company can state that the legal reason that is more important than you fundamental rights or is it for confirmation of legal rights, legal compliance or the counter in legal action as the case may be.
10.6 Right to request for data erasure
An individual has the right to request to delete or destroy their Personal Data or make the personal anonymous, if an individual believes that the Personal Data is collected, used and/or disclosed in any unlawful manner, or it is deemed that the Company is not necessary to retain it for the related purposes in this policy, or when an individual has exercised the right to withdraw consent or exercise the right to objection as stated above.
10.7 Right to request for data restriction of processing
An individual has the right to request the temporary suspension of Personal Data use, in case the Company is in the process of reviewing the request to exercise the right to correct Personal Data, or objection, or any other cases where it is not necessary for the Company and the Personal Data must be erases or destroyed according to applicable law.
10.8 Right to request for data rectification
An individual has the right to request to correct Personal Data to be updated, completed and not to be misleading.
10.9 Right to complain
An individual has the right to submit a complaint to a related authority under the law, if the individual believes that the gathering, use and / or disclosure of your Personal Data is in a manner that violates or fails to comply with applicable laws.
10.10 Restrictions on the Exercise of Rights
The exercise of the rights of the individual as mentioned above may be restricted under applicable law and there are some cases where there is a need for the Company to refuse or fail to comply with the above request. For example, it is required by law or a court order for the public interest, or the exercise of right may violate the rights or liberties of others, etc. If the Company rejects the above request, the Company will inform the individual the reason for the refusal. In this regard, the Company will take action according to the exercise of right within 30 days from the day that the person submitted the application and supporting documents to the Managing Director of the Company completely.
11. Revision of the Policy
The Company will revise this policy at least once a year or in case there is any amendment to the law.
12. Contact information
If you have any questions regarding this Policy, please contact us here; or you may also contact us through the contacts set out below.
DTK AD Co., Ltd.
399 Interchange Building, 23rd Floor , Room no. 2311 Sukhumvit Road, Khlong Toey Nua, Wattana, Bangkok 10110
[email protected]
Established on 31/1/2023
Latest Amendment on 31/1/2023